Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    30.5MB

  • Sample

    241215-2lf1razrgs

  • MD5

    a76406bff5ba7a0228ba232cc2ecfee7

  • SHA1

    023b9097a4beca140cfba5f1c15d747ebf6ec070

  • SHA256

    fd423dc5c37065f1bef1c9acacb859f0f6d8bb779d6f24a0c8f3bf8f2585f1a8

  • SHA512

    d7838d367158ece880c13cb063665e5fc18b8c1af4368e457cfa60a0b3594d064686d4ffd5bace79a82fab61106772ded5b67a7a3f5b6a0d92997b9d8adeb605

  • SSDEEP

    786432:5iIZRZW8FPm1N2+9qxqzcY876K3v1n8vSFumJWoIQ8lZ:EEWSm2+9E7z1XFu0H2

Score
10/10
pysilondiscoveryevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      30.5MB

    • MD5

      a76406bff5ba7a0228ba232cc2ecfee7

    • SHA1

      023b9097a4beca140cfba5f1c15d747ebf6ec070

    • SHA256

      fd423dc5c37065f1bef1c9acacb859f0f6d8bb779d6f24a0c8f3bf8f2585f1a8

    • SHA512

      d7838d367158ece880c13cb063665e5fc18b8c1af4368e457cfa60a0b3594d064686d4ffd5bace79a82fab61106772ded5b67a7a3f5b6a0d92997b9d8adeb605

    • SSDEEP

      786432:5iIZRZW8FPm1N2+9qxqzcY876K3v1n8vSFumJWoIQ8lZ:EEWSm2+9E7z1XFu0H2

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      16KB

    • MD5

      725de9fcbbafc763e52c1890229e95d3

    • SHA1

      9f706ed61c350f634c1219a450680d8d943fab94

    • SHA256

      61a871eed93301374ff8242c30e7da5ef568ba1fdd612482a0bba99583ae675f

    • SHA512

      993ec6762f902ccd8753ce64a045717255aa63d7af58f0e38f997e4433ff302581479ef83a2bf0faba768981d2e471b01071de7373894fc506716571ba61e56a

    • SSDEEP

      384:nGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:nGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      c9a26682b507d80f6293b7812712a656

    • SHA1

      08717581287f9ce3ce45620b65bf9af9388bd56d

    • SHA256

      977c728a338029209993bdea34d5476491be08fedcdc4d9810aa477e26118638

    • SHA512

      54eeb20ea0cf309fa5eb31b3f37318e07965217f6f8adc8b1ba2cef8c7559db82792b8470f44e8989efde29b31b13e79d97c6c9a6549e765190336edbc4c02c7

    • SSDEEP

      192:lNal3eiNis9QfUFoxJvm79F211G67+PtAhN:lJiB2lrj7jKlAhN

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      f450829addc19ea4da350682ab197177

    • SHA1

      d945d4aeb21e9aa3b995c05afa4ae9310427b664

    • SHA256

      5d285150443c750bb0b68da4cc87732b81703e9665f719247a0ee62bd9482ca6

    • SHA512

      645a11a031c4872b378201555a1c2a0aaa5537cb83d9a98028f09dbcfac527b691b8ef417b616ad2a7ce3d2920f4081fbd8dd201e83db74dacb01615510d15bb

    • SSDEEP

      96:XSMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:iolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      7d2e86e5d8afcff3d134f866f33d836c

    • SHA1

      1791cfa048717d69f51c56ecf63f5047b088532d

    • SHA256

      30c7051140e658b94573f4fd7bcdfcef0ac6e54aec22a69220632437f6f465cd

    • SHA512

      555fb2eafcb4a9d5762608396969d635e6d260f50089e1bc949a2c37aa6531526ee8c3e365e10b88b04b5afb966d3d112e5bbcf4414e4ffef305c1fbb61dbc5b

    • SSDEEP

      192:A114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:64qWLfMtzVxDAEW7

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      151KB

    • MD5

      6b41517dd07f6882ad204c5de8abcc77

    • SHA1

      fca3551b4b7dc52c02f47a89eee8565dd20aa371

    • SHA256

      6c92494b84a9819bb490bd3a1a2cc573c2149998ae0cc42a14f2287a4bae8ab0

    • SHA512

      6b87c06e348ebc8b6e3dc65148e1b47e531d45a61c344ed18f57fa7964d90bc5023650fccfd69126cfb02c0427ec6f3a79be171dcab3049f5afb8d91b0f60311

    • SSDEEP

      3072:sMKY0aOO5/oUg8YoGrPZTJ0pZkgOxK6IvdXzwsCF2:J50aOO5/owYoPp7OxKgsl

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks